Vulnerabilities in KNIME-provided Jackson

Hi all,

I am working on a small Java library that I used in some KNIME nodes and I used the same version of the Jackson libraries provided by the KNIME update site (2.8.9) and my KNIME target file is from 4.2 ( GitHub’s bot warned me of many vulnerabilities in jackson-databind 2.8.9, 25 according to Fasterxml Jackson-databind version 2.8.9 : Security vulnerabilities, and recommends me to use Do you know if there is a newer version of this library in later KNIME releases or is it considered to upgrade in the future?


Hello @miguelalba,

We recommend that you upgrade AP to 4.3.2 (latest) and then run updates/install latest extensions. Anecdotally, my installation of 4.3.2 has jackson-databind 2.11.0 listed as part of the installation.

Thank you,


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.